Manual:$wgSecureLogin

From MediaWiki.org
Jump to navigation Jump to search

Other languages:
English • ‎español • ‎polski • ‎سنڌي • ‎中文 • ‎日本語 • ‎한국어
Special pages: $wgSecureLogin
Whether to let user authenticate using https when they come from http.
Introduced in version:1.17.0 (r75585)
Removed in version:still in use
Allowed values:(boolean)
Default value:false

Details[edit]

If true, forces users to authenticate using https when they come from http, but only if you use a protocol-relative URL in $wgServer (otherwise this setting is ignored). Note also that under certain circumstances, when serving http and https in parallel on a web server, specifying http within a browser's location and adding the fromhttp=1 query parameter, the login page will be downgraded from https to http, even when $wgSecureLogin is set to true. A link will then display above the username field allowing a user to choose the secure login option.

From 1.22 on, use $wgDefaultUserOptions to set prefershttps false by default if you want HTTP users to stay on HTTP after login by default.

Based on an idea by George Herbert on wikitech-l: mailarchive:wikitech-l/2010-October/050071.html.

You will need to set $wgServer as following.

MediaWiki version: 1.17
$wgServer           = "//replacethisexample.com";
$wgSecureLogin      = true;

See also[edit]